Critical Adobe Flash Player Remote Code Execution Vulnerability
( CVE-2011-0611, APSA11-02, APSB11-08 )
Summary
A critical vulnerability has been identified in Adobe Flash Player that could cause a crash and potentially allow an attacker to take control of the affected system. It is already being exploited in the wild.
Details
Adobe Flash Player is a multimedia and application player that renders Shockwave Flash (SWF) files.
A remote attacker can exploit this vulnerability by enticing a user to download and view a malicious Flash file, possibly embedded in a document file, that makes an invalid use of an object type that causes Flash to crash. Successful exploitation of this vulnerability could cause a crash and potentially allow an attacker to execute arbitrary code and subsequently take control of the affected system. The vulnerability is being exploited in the wild in targeted attacks via malicious Web pages as well as via specially crafted Flash (.swf) files embedded in Microsoft Word (.doc) and Microsoft Excel (.xls) files delivered as an email attachment.
Affected Products
The following Adobe Systems applications are affected by this issue:
- Acrobat 9.x
- Acrobat X (10.0.2 and prior)
- Acrobat Reader 9.x
- Acrobat Reader X (10.0.2 and prior)
- Flash Player 10.2.153.1 and prior on Windows, Macintosh, Linux and Solaris
- Flash Player 10.2.154.25 and prior for Google Chrome users
- Flash Player 10.2.156.12 and prior on Android
Solution
Check Point recommends that the patches that Adobe has released for Flash and Reader/Acrobat be installed as soon as is practical. Check Point's IPS Software Blade provides immediate protection against this issue for unpatched systems in the latest IPS update by detecting and blocking malformed Adobe Flash files that have ActionScript content. For more information, see CPAI-2011-232.
Originally Published:
Last Updated: 09-May-2011